
Example 11 with Argument

use of org.sonar.plugins.python.api.tree.Argument in project sonar-python by SonarSource.

The class VerifiedSslTlsCertificateCheck, method sslSetVerifyCheck.

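/**
 * Check for the <code>OpenSSL.SSL.Context.set_verify</code> flag settings.
 *
 * Searches for `set_verify` invocations on instances of `OpenSSL.SSL.Context`,
 * extracts the flags from the first argument and reports an issue when
 * {@code checkFlagSettings} considers the combination of flags insecure.
 * Calls whose callee symbol could not be resolved, calls without arguments, and
 * calls whose first argument is not a regular argument are ignored.
 *
 * @param subscriptionContext the subscription context passed by <code>Context.registerSyntaxNodeConsumer</code>;
 *                            its syntax node is expected to be a {@code CallExpression}.
 */
private static void sslSetVerifyCheck(SubscriptionContext subscriptionContext) {
    CallExpression callExpr = (CallExpression) subscriptionContext.syntaxNode();
    // A null callee symbol means name resolution failed: the call cannot be attributed to set_verify.
    boolean isSetVerifyInvocation = ofNullable(callExpr.calleeSymbol())
        .map(Symbol::fullyQualifiedName)
        .filter(SET_VERIFY::equals)
        .isPresent();
    if (!isSetVerifyInvocation) {
        return;
    }
    List<Argument> args = callExpr.arguments();
    if (args.isEmpty()) {
        return;
    }
    Argument flagsArgument = args.get(0);
    // Only regular arguments expose an expression that can be inspected for flags.
    if (!flagsArgument.is(Tree.Kind.REGULAR_ARGUMENT)) {
        return;
    }
    // Cast to the public API interface instead of the tree implementation class,
    // consistent with the other checks in this project.
    Set<QualifiedExpression> flags = extractFlags(((RegularArgument) flagsArgument).expression());
    checkFlagSettings(flags).ifPresent(issue -> subscriptionContext.addIssue(issue.token, MESSAGE));
}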

Example 12 with Argument

use of org.sonar.plugins.python.api.tree.Argument in project sonar-python by SonarSource.

The class XMLParserXXEVulnerableCheck, method checkSettingFeatureGesToTrue.

/**
 * Tells whether a call sets the SAX feature {@code xml.sax.handler.feature_external_ges}
 * to a value that is not falsy, i.e. enables external general entities.
 *
 * @param callExpression the call to inspect; expected to be a {@code setFeature}-style call
 *                       whose first argument names the feature and whose second is its value
 * @return {@code true} only when the call has exactly two regular arguments, the first one
 *         resolves to the {@code feature_external_ges} symbol and the second one is not falsy
 */
private static boolean checkSettingFeatureGesToTrue(CallExpression callExpression) {
    List<Argument> arguments = callExpression.arguments();
    boolean twoRegularArguments = arguments.size() == 2
        && arguments.stream().allMatch(argument -> argument.is(Tree.Kind.REGULAR_ARGUMENT));
    if (!twoRegularArguments) {
        return false;
    }
    Expression featureName = ((RegularArgument) arguments.get(0)).expression();
    Expression featureValue = ((RegularArgument) arguments.get(1)).expression();
    // Only expressions carrying a symbol can be matched against the fully qualified feature name.
    Symbol featureSymbol = featureName instanceof HasSymbol ? ((HasSymbol) featureName).symbol() : null;
    return featureSymbol != null
        && "xml.sax.handler.feature_external_ges".equals(featureSymbol.fullyQualifiedName())
        && !Expressions.isFalsy(featureValue);
}

Example 13 with Argument

use of org.sonar.plugins.python.api.tree.Argument in project sonar-python by SonarSource.

The class HttpOnlyCookieCheck, method searchForFalsySessionCookieHttponlyInDictCons.

/**
 * Looks for a falsy {@code SESSION_COOKIE_HTTPONLY} keyword argument in a {@code dict(...)} constructor call.
 *
 * @param callExpression the call to inspect
 * @return the first falsy value passed under the {@code SESSION_COOKIE_HTTPONLY} keyword, or empty when
 *         the callee is not {@code dict}, the keyword is absent, or its value is not falsy
 */
private static Optional<Expression> searchForFalsySessionCookieHttponlyInDictCons(CallExpression callExpression) {
    Symbol callee = callExpression.calleeSymbol();
    if (callee == null || !"dict".equals(callee.fullyQualifiedName())) {
        return Optional.empty();
    }
    return callExpression.arguments().stream()
        .filter(argument -> argument.is(Tree.Kind.REGULAR_ARGUMENT))
        .map(RegularArgument.class::cast)
        .filter(regularArgument -> {
            // Positional arguments have no keyword and can never be the session cookie setting.
            Name keyword = regularArgument.keywordArgument();
            return keyword != null
                && SESSION_COOKIE_HTTPONLY.equals(keyword.name())
                && Expressions.isFalsy(regularArgument.expression());
        })
        .map(RegularArgument::expression)
        .findFirst();
}

Example 14 with Argument

use of org.sonar.plugins.python.api.tree.Argument in project sonar-python by SonarSource.

The class PubliclyWritableDirectoriesCheck, method initialize.

/**
 * Registers the three syntax-node consumers of this check: string literals naming a publicly
 * writable directory, calls to the {@code os.environ} getter with a non-compliant argument, and
 * {@code os.environ[...]} subscriptions with a non-compliant subscript.
 *
 * @param context the analysis context used to register the consumers
 */
@Override
public void initialize(Context context) {
    // String literals: compare case-insensitively against the known Unix and Windows directories.
    context.registerSyntaxNodeConsumer(Kind.STRING_ELEMENT, ctx -> {
        StringElement stringTree = (StringElement) ctx.syntaxNode();
        String value = Expressions.unescape(stringTree).toLowerCase(Locale.ENGLISH);
        boolean matchesUnixDirectory = false;
        for (String directory : UNIX_WRITABLE_DIRECTORIES) {
            if (containsDirectory(value, directory)) {
                matchesUnixDirectory = true;
                break;
            }
        }
        if (matchesUnixDirectory || WINDOWS_WRITABLE_DIRECTORIES.matcher(value).matches()) {
            ctx.addIssue(stringTree, MESSAGE);
        }
    });
    // Calls: only regular arguments carry an expression that can be checked; one issue per call at most.
    context.registerSyntaxNodeConsumer(Kind.CALL_EXPR, ctx -> {
        CallExpression call = (CallExpression) ctx.syntaxNode();
        if (!isOsEnvironGetter(call)) {
            return;
        }
        for (Argument argument : call.arguments()) {
            if (argument.is(Kind.REGULAR_ARGUMENT)
                && isNonCompliantOsEnvironArgument(((RegularArgument) argument).expression())) {
                ctx.addIssue(call, MESSAGE);
                return;
            }
        }
    });
    // Subscriptions: any non-compliant subscript expression flags the whole subscription once.
    context.registerSyntaxNodeConsumer(Kind.SUBSCRIPTION, ctx -> {
        SubscriptionExpression subscription = (SubscriptionExpression) ctx.syntaxNode();
        if (!isOsEnvironQualifiedExpression(subscription.object())) {
            return;
        }
        for (Expression subscript : subscription.subscripts().expressions()) {
            if (isNonCompliantOsEnvironArgument(subscript)) {
                ctx.addIssue(subscription, MESSAGE);
                return;
            }
        }
    });
}

Example 15 with Argument

use of org.sonar.plugins.python.api.tree.Argument in project sonar-python by SonarSource.

The class DebugModeCheck, method initialize.

/**
 * Registers the two syntax-node consumers of this check: {@code django.conf.settings.configure(...)}
 * calls whose arguments enable debug mode, and assignments of a true literal to a debug identifier
 * inside a recognised settings file.
 *
 * @param context the analysis context used to register the consumers
 */
@Override
public void initialize(Context context) {
    context.registerSyntaxNodeConsumer(Kind.CALL_EXPR, ctx -> {
        CallExpression call = (CallExpression) ctx.syntaxNode();
        List<Argument> arguments = call.arguments();
        // getQualifiedName is only consulted for qualified callees (the instanceof guard short-circuits).
        boolean isSettingsConfigureCall = call.callee() instanceof QualifiedExpression
            && "django.conf.settings.configure".equals(getQualifiedName(call));
        if (!isSettingsConfigureCall) {
            return;
        }
        for (Argument argument : arguments) {
            if (isDebugArgument(argument)) {
                ctx.addIssue(argument, MESSAGE);
            }
        }
    });
    context.registerSyntaxNodeConsumer(Kind.ASSIGNMENT_STMT, ctx -> {
        // Assignments are only relevant inside the configured settings files.
        boolean inSettingsFile = settingFiles.contains(ctx.pythonFile().fileName());
        if (!inSettingsFile) {
            return;
        }
        AssignmentStatement assignment = (AssignmentStatement) ctx.syntaxNode();
        for (ExpressionList targets : assignment.lhsExpressions()) {
            boolean assignsDebugIdentifier = targets.expressions().stream().anyMatch(DebugModeCheck::isDebugIdentifier);
            if (assignsDebugIdentifier && isTrueLiteral(assignment.assignedValue())) {
                ctx.addIssue(assignment, MESSAGE);
            }
        }
    });
}
